Firewall as a Service

FWaaS is a Neutron extension that adds a firewall. The firewall requires a router, so for this tutorial we will set up an environment with:

  • private network (we use 10.1.1.0/24 in this tutorial)
  • router with external network connectivity

Now we will create a firewall which allows SSH communication with our private network.

First of all, we will create a rule that allows this kind of communication.

After that we can create a firewall policy that includes this rule.

We can select the order of the rules when adding multiple rules. For example, we can deny some kinds of traffic first and allow the rest after that.

Finally we can create a firewall with our policy.

In the last step we will assign this firewall to our router.

Now we have a firewall that allows SSH traffic to our network to go through.

Keep in mind that any traffic that has no rule in the firewall will be dropped. Instances behind such a firewall will be unreachable even with an ICMP ping.
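The rule ordering and the implicit drop described above can be checked before a policy is applied. The following is an added example, not code from this tutorial or from Neutron: a simplified first-match model of a firewall policy. The Rule class, the evaluate function and the host 10.1.1.50 are hypothetical names and constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    """One firewall rule; a field left as None matches anything."""
    action: str                      # "allow" or "deny"
    protocol: Optional[str] = None   # "tcp", "udp" or "icmp"
    dest_cidr: Optional[str] = None  # destination network in CIDR form
    dest_port: Optional[int] = None  # destination port (tcp/udp only)

    def matches(self, protocol, dest_ip, dest_port):
        if self.protocol is not None and self.protocol != protocol:
            return False
        if self.dest_cidr is not None:
            net = ipaddress.ip_network(self.dest_cidr)
            if ipaddress.ip_address(dest_ip) not in net:
                return False
        if self.dest_port is not None and self.dest_port != dest_port:
            return False
        return True


def evaluate(policy, protocol, dest_ip, dest_port=None):
    """Return the action of the first matching rule, in policy order."""
    for rule in policy:
        if rule.matches(protocol, dest_ip, dest_port):
            return rule.action
    return "deny"  # no rule matched: the traffic is dropped


# Constructed sample rules for the tutorial's 10.1.1.0/24 network.
ALLOW_SSH = Rule("allow", "tcp", "10.1.1.0/24", 22)
DENY_SSH_ONE_HOST = Rule("deny", "tcp", "10.1.1.50/32", 22)

ssh_only = [ALLOW_SSH]                      # the policy built in this tutorial
deny_first = [DENY_SSH_ONE_HOST, ALLOW_SSH]  # specific deny ahead of the allow
allow_first = [ALLOW_SSH, DENY_SSH_ONE_HOST]  # the deny is never reached

if __name__ == "__main__":
    print("ssh  ->", evaluate(ssh_only, "tcp", "10.1.1.10", 22))
    print("ping ->", evaluate(ssh_only, "icmp", "10.1.1.10"))
    print("deny first  ->", evaluate(deny_first, "tcp", "10.1.1.50", 22))
    print("allow first ->", evaluate(allow_first, "tcp", "10.1.1.50", 22))
```

In the allow_first policy the broad SSH rule matches before the host-specific deny, so the deny has no effect. This is why the order chosen in the policy matters.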
